firefox is vulnerable to cross-origin access. The vulnerability exists due to not the adhering to the W3C’s Navigation-Timing Level 2
which allows an attacker to do potential cross-origin information exposure of history via timing side-channel attacks.
lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html
lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html
lists.opensuse.org/opensuse-security-announce/2019-10/msg00011.html
lists.opensuse.org/opensuse-security-announce/2019-10/msg00017.html
access.redhat.com/errata/RHSA-2019:2694
access.redhat.com/security/updates/classification/#critical
bugzilla.mozilla.org/show_bug.cgi?id=1560495
usn.ubuntu.com/4150-1/
w3c.github.io/navigation-timing
www.mozilla.org/en-US/security/advisories/mfsa2019-27/
www.mozilla.org/security/advisories/mfsa2019-25/
www.mozilla.org/security/advisories/mfsa2019-26/
www.mozilla.org/security/advisories/mfsa2019-27/
www.mozilla.org/security/advisories/mfsa2019-29/
www.mozilla.org/security/advisories/mfsa2019-30/